Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for authorizing a transaction, comprising: generating, by or through a first device, an Id-PAN, the Id-PAN including a bank issuer identifier and at least in part a second device identifier, the second device identifier allowing to address the second device; sending, by the first device to a first server, a first message including a request for authorizing a transaction accompanied with the Id-PAN; sending, by the first server to a payment network, a message including a request for getting at least one identifier relating to a second server accompanied with the Id-PAN, the at least one second server identifier allowing to address the second server; extracting, by the payment network, the bank issuer identifier from the Id-PAN; getting, by the payment network, based upon the bank issuer identifier, at least one second server identifier; sending, by the payment network, to the first server, the at least one second server identifier; sending, by the first server to the second server, a second message including a request for a user authorization for the transaction accompanied with the Id-PAN and transaction data; retrieving, by the second server, based upon the Id-PAN, the second device identifier and user account data; sending, by the second server, based upon the second device identifier, to the second device a third message including a request for getting a user approval relating to the transaction accompanied with the transaction data and the user account data; requesting a user, by the second device, whether the second device user does or does not approve a requested transaction authorization; sending, by the second device to the second server, a fourth message including a request for authorizing the transaction accompanied with user approval data; determining, by the second server, based upon the user approval data, a user approval result, and sending to the first server a fifth message including a response for authorizing the transaction accompanied with the user approval result and the Id-PAN; sending, by the first server, to the second server a sixth message including a request for authorizing the transaction accompanied with the Id-PAN; verifying by the second server, based upon the Id-PAN, whether the requested transaction is or is not approved by the user; and sending by the second server to a server a seventh message including a verification result.
This invention relates to a transaction authorization system involving multiple devices and servers. The system addresses the challenge of securely authorizing transactions by leveraging a unique identifier (Id-PAN) that combines a bank issuer identifier and a second device identifier. The second device identifier allows the system to address a second device, such as a user's mobile device, for approval. The process begins with a first device generating the Id-PAN and sending a transaction authorization request to a first server. The first server forwards the request to a payment network, which extracts the bank issuer identifier from the Id-PAN to retrieve the address of a second server. The second server then uses the Id-PAN to obtain the second device identifier and user account data. The second server sends a request to the second device, which prompts the user to approve or reject the transaction. The second device sends the user's approval decision back to the second server, which determines the approval result and sends it to the first server. The first server then requests final authorization from the second server, which verifies the transaction status and sends a verification result. This system ensures secure and user-verified transaction authorization by involving multiple layers of validation and user interaction.
2. The method according to claim 1 , wherein the user of the second device approves the requested transaction authorization by depressing at least one predetermined key at the second device side.
A method for transaction authorization involves a system where a first device initiates a transaction request and a second device, operated by a user, approves the transaction. The second device receives the transaction request and prompts the user to authorize it. The user approves the transaction by depressing at least one predetermined key on the second device. This key-based approval mechanism ensures secure and intentional authorization, reducing the risk of unauthorized transactions. The method may include additional steps such as verifying the user's identity before processing the transaction, ensuring that only authorized users can approve requests. The system may also include encryption or other security measures to protect the transaction data during transmission between devices. The key-based approval process provides a simple yet effective way to confirm transactions, particularly in environments where quick and reliable authorization is needed, such as financial transactions or access control systems. The method enhances security by requiring physical interaction with the second device, making it difficult for unauthorized parties to approve transactions without direct access to the device.
3. The method according to claim 1 , wherein the second device user approves the requested transaction authorization by providing user authentication data to be successfully verified by or through the second device.
This invention relates to secure transaction authorization systems involving multiple devices. The problem addressed is ensuring secure and authenticated transaction approvals between users of different devices, particularly in scenarios where one user initiates a transaction and another must authorize it. The system involves at least two devices: a first device operated by a user initiating a transaction and a second device operated by a user who must approve the transaction. The first device generates a transaction request and sends it to the second device. The second device receives the request and prompts the second user to approve it. Approval is achieved by the second user providing authentication data, such as a password, biometric input, or other verification method, which the second device verifies. Only upon successful verification is the transaction authorized. The system ensures that the authorization process is secure and requires explicit user action, reducing the risk of unauthorized transactions. The method may include additional steps such as encrypting the transaction request, validating the request before prompting for approval, or logging the authorization event for audit purposes. The invention is particularly useful in financial transactions, access control systems, or any scenario requiring multi-party authorization.
4. The method according to claim 3 , wherein the user authentication data includes at least one element of a group comprising: a Personal Identity Number; at least one biometric print; user credentials; a user name; and a password.
This invention relates to user authentication systems, specifically methods for verifying user identity using multiple authentication factors. The problem addressed is the need for secure and flexible authentication mechanisms that can adapt to different security requirements and user preferences. The method involves collecting user authentication data, which may include at least one of the following elements: a Personal Identity Number (PIN), biometric prints (such as fingerprints or facial recognition), user credentials (like digital certificates or tokens), a username, or a password. This data is used to authenticate the user by comparing it against stored authentication records. The system allows for a combination of these elements to enhance security, ensuring that even if one factor is compromised, others remain as backup verification methods. The authentication process may involve dynamic selection of the required elements based on security policies or user context, such as location or device type. This adaptability helps balance security and usability, reducing the risk of unauthorized access while maintaining a smooth user experience. The method is particularly useful in applications where high security is required, such as financial transactions, access control systems, or sensitive data management.
5. The method according to claim 3 , wherein the second device generates a cryptogram, as user approval data, by using a predetermined cryptogram generation algorithm and the second server generates an expected cryptogram by using the cryptogram generation algorithm, the second server verifies whether the expected cryptogram does or does not match the cryptogram, the second server stores a cryptogram verification result, the user account identifier and the transaction data.
A system and method for secure transaction verification involves a second device generating a cryptogram as user approval data using a predetermined cryptogram generation algorithm. The second device may be a user's mobile device or another computing device authorized to approve transactions. The cryptogram is generated based on transaction data, such as payment details or authorization requests, and is sent to a second server for verification. The second server independently generates an expected cryptogram using the same cryptogram generation algorithm and compares it to the received cryptogram. If the cryptograms match, the transaction is verified as authentic. The second server then stores the cryptogram verification result, along with a user account identifier and the transaction data, to maintain a record of approved transactions. This method ensures secure and tamper-proof transaction approval by leveraging cryptographic verification, reducing the risk of unauthorized or fraudulent transactions. The system may be part of a broader payment or authentication framework, where the second device and server communicate over a secure network to validate user approval before processing transactions.
6. The method according to claim 5 , wherein, after having received the sixth message, the second server retrieves, based upon the Id-PAN, the transaction data, the user account identifier and the cryptogram verification result.
This invention relates to secure financial transaction processing systems, specifically addressing the challenge of verifying transaction authenticity and integrity in distributed payment networks. The method involves a second server in a payment processing system that receives a sixth message containing transaction data, a user account identifier (Id-PAN), and a cryptogram verification result. Upon receiving this message, the second server retrieves additional transaction data, the user account identifier, and the cryptogram verification result based on the Id-PAN. This retrieval process ensures that the transaction details are validated against the user's account information and that the cryptogram, a security token generated to authenticate the transaction, has been correctly verified. The system then uses this verified data to authorize or decline the transaction, enhancing security by preventing unauthorized or tampered transactions from being processed. The method is part of a broader system where multiple servers and messages are used to securely transmit and verify payment information, ensuring that only legitimate transactions proceed. This approach reduces fraud risks by validating cryptographic proofs and cross-referencing transaction details with user account data before final processing.
7. The method according to claim 6 , wherein the second server verifies whether the cryptogram verification result is a positive cryptogram verification or a negative cryptogram verification.
The invention relates to cryptographic verification systems, specifically methods for verifying cryptograms in a distributed server environment. The problem addressed is ensuring secure and efficient cryptogram verification across multiple servers, particularly in scenarios where verification results must be accurately classified to determine the validity of cryptographic operations. The method involves a system with at least two servers, where a first server generates a cryptogram and sends it to a second server for verification. The second server performs a cryptographic verification process on the received cryptogram, producing a verification result. This result is then classified as either a positive cryptogram verification, indicating the cryptogram is valid, or a negative cryptogram verification, indicating the cryptogram is invalid. The classification step ensures that the verification outcome is clearly distinguished, allowing subsequent systems or processes to act accordingly based on the verification status. This classification may involve comparing the verification result against predefined criteria or thresholds to determine its validity. The method enhances security by ensuring that cryptographic operations are properly validated before further processing, reducing the risk of unauthorized or tampered data being accepted. The system is particularly useful in applications requiring high-security cryptographic checks, such as financial transactions, authentication systems, or secure communications.
8. A system for authorizing a transaction, wherein, the system comprising a payment network, a first device, a second device, a first server and a second sever, the first device is configured to: generate an Id-PAN, the Id-PAN including a bank issuer identifier and at least in part a second device identifier, the second device identifier allowing to address the second device; and send, to a first server, a first message including a request for authorizing a transaction accompanied with the Id-PAN; wherein the first server is configured to send, to the payment network, a message including a request for getting at least one identifier relating to a second server accompanied with the Id-PAN, the at least one second server identifier allowing to address the second server; wherein the payment network is configured to: extract the bank issuer identifier from the Id-PAN; get, based upon the bank issuer identifier, at least one second server identifier; and send, to the first server, the at least one second server identifier; wherein the first server is configured to send, to the second server, a second message including a request for a user authorization for the transaction accompanied with the Id-PAN and transaction data; wherein the second server is configured to: retrieve, based upon the Id-PAN, the second device identifier and user account data; and send, based upon the second device identifier, to the second device, a third message including a request for getting a user approval relating to the transaction accompanied with the transaction data and the user account data; wherein the second device is configured to: request a user whether the second device user does or does not approve a requested transaction authorization; and send, to the second server, a fourth message including a request for authorizing the requested transaction accompanied with user approval data; wherein the second server is configured to: determine, based upon the user approval data, a user approval result; and send, to the first server, a fifth message including a response for authorizing the transaction accompanied with the user approval result and the Id-PAN; wherein the first server is configured to send, to the second server, a sixth message including a request for authorizing a requested transaction accompanied with the Id-PAN; and wherein the second server is configured to: verify, based upon the Id-PAN, whether the requested transaction is or is not approved by the user; and send, to a server, a seventh message including a verification result.
This system enables secure transaction authorization by leveraging a payment network, multiple devices, and servers. The system addresses the need for reliable user authentication and approval in digital transactions, particularly in scenarios where a user may not have direct access to their primary payment device. The system uses an Id-PAN (Identifier-PAN) that combines a bank issuer identifier with a second device identifier, allowing the second device to be addressed for transaction approval. The first device generates the Id-PAN and sends a transaction authorization request to a first server. The first server forwards the request to the payment network, which extracts the bank issuer identifier from the Id-PAN to retrieve the corresponding second server identifier. The first server then sends the transaction details and Id-PAN to the second server. The second server retrieves the second device identifier and user account data from the Id-PAN and forwards the transaction request to the second device. The second device prompts the user for approval and sends the user's decision back to the second server. The second server verifies the approval and sends the result to the first server, which then requests final authorization from the second server. The second server confirms whether the transaction is approved, ensuring secure and user-verified authorization. This system enhances transaction security by requiring explicit user approval through a secondary device, reducing unauthorized transaction risks.
Unknown
June 30, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.